TCP connection failure[ HL7802] with AWS server

Hello.

I am trying to establish the TCP connection with my AWS server using sierra HL7802 .When I try to bring up the TCP connection its throwing PDP failure. But when I try to establish the TCP connection with google, Its working fine.

Here are the AT commands sequence I am using to establish the connection with my AWS server.It fails at KTCPCNX

Note: I have loaded the proper root,device and private keys to module,which are downloaded from my AWS and I am using Vodafone SIM for my test.

AT+WS46=12
OK
AT+WS46?
+WS46: 12
OK

AT+CSQ
+CSQ: 20,0
OK

AT+COPS=?
+COPS: (2,“Vodafone IN”,“40486”,0),(0,“IND airtel”,“airtel”,“40445”,0),(0,“CellOne”,“CellOne”,“40471”,0),(0-3),(0-2)
OK

AT+CREG?
+CREG: 1,1
OK

AT+KCNXCFG=1,“GPRS”,“www”
OK

AT+KSSLCFG?
+KSSLCFG: 0,3
+KSSLCFG: 2,0
OK

AT+KSSLCRYPTO=0,9,3,25456,12,4,2
OK

AT+KSSLCRYPTO?
+KSSLCRYPTO: 0,9,3,25456,12,4,2
+KSSLCRYPTO: 1,1,1,16,0,4,0
+KSSLCRYPTO: 2,1,1,32,0,4,0
+KSSLCRYPTO: 3,1,1,256,0,4,0
+KSSLCRYPTO: 4,1,1,512,0,4,0
+KSSLCRYPTO: 5,1,1,8192,4,4,0
+KSSLCRYPTO: 6,1,1,16384,8,4,0
+KSSLCRYPTO: 7,8,1,64,4,4,0
+KSSLCRYPTO: 8,8,1,8192,4,4,0
+KSSLCRYPTO: 9,8,2,16,0,4,0
+KSSLCRYPTO: 10,8,2,32,0,4,0
+KSSLCRYPTO: 11,8,2,64,4,4,0
+KSSLCRYPTO: 12,8,2,256,0,4,0
+KSSLCRYPTO: 13,8,2,512,0,4,0
+KSSLCRYPTO: 14,8,2,8192,4,4,0
+KSSLCRYPTO: 15,8,2,16384,8,4,0
OK

AT+KCNXPROFILE?
+KCNXPROFILE: 1
OK

AT+KCNXUP=1
OK
+KCNX_IND: 1,4,1
+KCNX_IND: 1,2,1,2,30

AT+KTCPCFG=1,3,“xxxxxxxxx.us-east-1.amazonaws.com”,8883
+KTCPCFG: 1
OK

AT+KTCPCNX=1
OK
+KCNX_IND: 1,4,1
+KCNX_IND: 1,1,0
+KCNX_IND: 1,4,2
+KCNX_IND: 1,2,2,2,30
+KTCP_NOTIF: 1,0

Would you please let me know what configuration I am missing.

Here is the successful TCP connection established when I use google.

AT+WS46=12
OK
AT+WS46?
+WS46: 12
OK

AT+CSQ
+CSQ: 20,0
OK

AT+COPS=?
+COPS: (2,“Vodafone IN”,“40486”,0),(0,“IND airtel”,“airtel”,“40445”,0),(0,“CellOne”,“CellOne”,“40471”,0),(0-3),(0-2)
OK

AT+CREG?
+CREG: 1,1
OK

AT+KCNXCFG=1,“GPRS”,“www”
OK

AT+KSSLCFG?
+KSSLCFG: 0,3
+KSSLCFG: 2,0
OK

AT+KSSLCRYPTO=0,9,3,25456,12,4,2
OK

AT+KSSLCRYPTO?
+KSSLCRYPTO: 0,9,3,25456,12,4,2
+KSSLCRYPTO: 1,1,1,16,0,4,0
+KSSLCRYPTO: 2,1,1,32,0,4,0
+KSSLCRYPTO: 3,1,1,256,0,4,0
+KSSLCRYPTO: 4,1,1,512,0,4,0
+KSSLCRYPTO: 5,1,1,8192,4,4,0
+KSSLCRYPTO: 6,1,1,16384,8,4,0
+KSSLCRYPTO: 7,8,1,64,4,4,0
+KSSLCRYPTO: 8,8,1,8192,4,4,0
+KSSLCRYPTO: 9,8,2,16,0,4,0
+KSSLCRYPTO: 10,8,2,32,0,4,0
+KSSLCRYPTO: 11,8,2,64,4,4,0
+KSSLCRYPTO: 12,8,2,256,0,4,0
+KSSLCRYPTO: 13,8,2,512,0,4,0
+KSSLCRYPTO: 14,8,2,8192,4,4,0
+KSSLCRYPTO: 15,8,2,16384,8,4,0
OK

AT+KCNXPROFILE?
+KCNXPROFILE: 1
OK

AT+KCNXUP=1
OK
+KCNX_IND: 1,4,1
+KCNX_IND: 1,2,1,2,30

AT+KTCPCFG=1,0,“www.google.com”,80
+KTCPCFG: 1
OK

+KCNX_IND: 1,4,2
+KCNX_IND: 1,1,0

AT+KTCPCNX=1
OK
+KTCP_IND: 1,1

Is there any configuration I am missing to establish the HL7802 - AWS TCP connection.

Hi jagadeesh.kumar,

Please try to set +CGDCONT the same APN with +KCNXCFG. Then re-attach. e.g.
AT+CGDCONT=1,“IP”,“www”
AT+KCNXCFG=1,"GPRS”,“www”
AT+CGATT=0
AT+CGATT=1
AT+CEREG?
//Wait +CEREG: 1,1
AT+KCNXUP=1
//Wait +KCNX_IND: 1,1,0
AT+KTCPCFG=1,3,“xxxxxxxxx.us-east-1.amazonaws.com”,8883
AT+KTCPCNX=1

Hi jagadessh.kumar
Please check CEREG to see that module is connected to LTE.
If you use 2G, please make sure that you define PDP context with cgdcont, detach and attach device again.
You are using TLS to connect to AWS AT+KTCPCFG=1,3,“xxxxxxxxx.us-east-1.amazonaws.com”,8883
So please add root CA, client cert and private key to HL7802, you can follow this document https://docs.aws.amazon.com/iot/latest/developerguide/register-device.html

Thanks,

Hi,
I have tried what you have suggested, but still I see the same issue.Here is the sequence of commands I have executed.
Note: Root,device and private certificates/keys are already loaded.

AT
OK
AT&K3
OK
AT+WS46=12
OK
AT+WS46?
+WS46: 12
OK
AT+CSQ
+CSQ: 16,99
OK
AT+COPS=?
+COPS: (2,“Vodafone IN”,“40486”,0),(0,“IND airtel”,“airtel”,“40445”,0),(0,“CellOne”,“CellOne”,“40471”,0),(0-3),(0-2)
OK
AT+CREG?
+CREG: 1,1
OK
AT+CGDCONT=1,“IP”,“www”
OK
AT+KCNXCFG=1,“GPRS”,“www”
OK
AT+CGATT=0
OK
AT+CGATT=1
OK
AT+CREG?
+CREG: 1,1
OK
AT+KSSLCFG?
+KSSLCFG: 0,3
+KSSLCFG: 2,0
OK
AT+KSSLCRYPTO=0,9,3,25456,12,4,2
OK
AT+KCNXPROFILE?
+KCNXPROFILE: 1
OK
AT+KCNXUP=1
OK
+KCNX_IND: 1,4,1
+KCNX_IND: 1,1,0
AT+KTCPCFG=1,3,“xxxxxxxxxxx.us-east-1.amazonaws.com”,8883
+KTCPCFG: 1
OK
AT+KTCPCNX=1
OK
+KTCP_NOTIF: 1,13

Is my SSL configuration (AT+KSSLCRYPTO=0,9,3,25456,12,4,2) is correct , is there any thing else I missed.

Hi,
If you want to authenticate server and provide client certificate to server, you need to set the following:
AT+KCERTSTORE=0
AT+KCERTSTORE=1,0
AT+KPRIVKSTORE=0
AT+KSSLCRYPTO=0,9,3,25456,12,4,3 //Authenticate server and provide client certificate to server